Goatse Security defends decision to publicize hole in AT&T's Web site in the name of national security

Apple's reputation for security continues to take hits as hacker group Goatse Security today accused the company of failing to patch a flaw in Safari -- known since March -- and thereby leaving iPads susceptible to hundreds, if not thousands, of active exploits.

According to Auernheimer, Goatse Security released an overflow exploit for Safari back in March. Apple patched the vulnerability for the desktop, but not for the iPad: "This bug we crafted allows the viewer of a Web page to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks, and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system. We released this in March, mind you, and Apple still hasn't got around to patching this on the iPad!" Auernheimer wrote.

Auernheimer concludes that Apple's failure to patch the vulnerability has given hackers an opportunity to develop hundreds, if not thousands, of active iPad exploits, which means "the iPad simply is not a safe platform for those that require a secure environment."

That led to the group's decision to reveal the hole in AT&T's Web site, which Auernheimer said the group did in the name of national security. Auernheimer reasoned that AT&T was not moving quickly enough to protect iPad users, who include high-profile military leaders, politicians, and CEOs.

"When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare," Auernheimer wrote. "We understand that good deeds many times go punished, and AT&T is trying to crucify us over this."